Red Teaming & Social Engineering

Could your organisation handle a real-life cybersecurity incident?

If you conduct regular security testing and reviews, your organisation is heading in the right direction in terms of cybersecurity strategy. But have you considered scenario-based testing including red teaming and social engineering.

Our technical consultants take pride in our multi-layered approaches to testing the physical security of your buildings, networks and applications. Using a mixture of our security knowledge and skills, we can design a bespoke scenario-based exercises and simulations to test the protection of the assets you value most in your organisation.

Red Teaming

Real hackers don’t stick to a scope. Our red teaming service combines a number of test strategies and techniques in order to gain access to pre-defined information assets. These may include targeted web application attacks, war dialling and driving, social engineering and specialised malware. Our methodology involves:

Scenario Creation – devising a number of attack scenarios, each with unique targets and testing techniques

Testing – conducting tests over an extended period of time to verify your company’s ability to manage an attack

Configuration Review – reviewing the access point configuration in order to identify any deviations from best practice

Analysis and Report – detailing the business impact of our tests and identifying high-level gaps in order to provide management with insight into areas requiring improvement, alongside a technical report providing more detailed risk, vulnerability and remediation advice

Social Engineering

How ‘cybersecurity aware’ are your employees? IRM’s social engineering service is designed to identify shortfalls in employee security awareness and physical security, provide actionable remediation advice to combat the threat of malicious attackers and ultimately reduce the risk of employee-related security breaches. Our methodology involves:

Elicitation – obtaining sensitive and useful information from employees to use to attack the organisation

Pretexting – impersonating other members of your organisation, or persons of authority, in order to access sensitive areas of a building or coerce employees into performing actions to the benefit of the attack